Diffstat (limited to 'guides/source/security.md')
-rw-r--r-- | guides/source/security.md | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 0b0cfe69c4..769bd130be 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -9,7 +9,6 @@ After reading this guide, you will know: * The concept of sessions in Rails, what to put in there and popular attack methods. * How just visiting a site can be a security problem (with CSRF). * What you have to pay attention to when working with files or providing an administration interface. -* The Rails-specific mass assignment problem. * How to manage users: Logging in and out and attack methods on all layers. * And the most popular injection attack methods. @@ -210,7 +209,7 @@ The HTTP protocol basically provides two main types of requests - GET and POST ( * The interaction _changes the state_ of the resource in a way that the user would perceive (e.g., a subscription to a service), or * The user is _held accountable for the results_ of the interaction. -If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today's web browsers, however do not support them - only GET and POST. Rails uses a hidden `_method` field to handle this barrier. +If your web application is RESTful, you might be used to additional HTTP verbs, such as PATCH, PUT or DELETE. Most of today's web browsers, however do not support them - only GET and POST. Rails uses a hidden `_method` field to handle this barrier. _POST requests can be sent automatically, too_. Here is an example for a link which displays www.harmless.com as destination in the browser's status bar. In fact it dynamically creates a new form that sends a POST request. |
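Review bot: in the first hunk (@@ -9,7 +9,6 @@), the "The Rails-specific mass assignment problem." bullet is dropped from the "After reading this guide, you will know" list, but the diffstat for this file shows only this deletion plus the one-line change below, so nothing in the body of the guide is touched. Please confirm that the guide no longer contains a mass assignment section. If it still does, either keep the bullet or remove or rewrite that section in the same commit, so the outline and the body stay in agreement.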
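Review bot: in the second hunk (@@ -210,7 +209,7 @@), the rewritten sentence still reads "Most of today's web browsers, however do not support them - only GET and POST", which is missing the comma after "however". Since the line is being changed anyway to add PATCH, suggest "Most of today's web browsers, however, do not support them". Adding PATCH next to PUT and DELETE is consistent with the following sentence about the hidden `_method` field, so no further change is needed there.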